Uniswap API

Security checks across malware telemetry and agentic risk

Overview

This Uniswap skill appears purpose-aligned, but its swap action documentation is ambiguous about whether it only builds transaction data or performs value-changing operations.

Review the create_swap behavior carefully before installing. Use it only with explicit user confirmation for any swap-building flow, verify the exact calldata and recipient before signing, and do not assume the API call itself executes a trade unless the wallet later signs and submits the transaction.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium | Confidence: 89%
Finding
The documentation labels `create_swap` as a write action that changes Uniswap API state, while the rest of the file describes it as generating transaction calldata from an existing quote and optional permit. This mismatch can mislead an agent into applying unnecessary confirmation logic or, worse, misunderstanding the safety boundary between off-chain payload generation and actual on-chain execution.

Intent-Code Divergence

Medium | Confidence: 92%
Finding
The file contains contradictory guidance about whether this action is a harmless calldata-construction step or a state-changing write. In an agent setting, ambiguous operational semantics are security-relevant because they can cause incorrect trust decisions, unsafe automation, or user confirmation flows that do not match the real risk of the action.

Vague Triggers

Medium | Confidence: 81%
Finding
The description says to use this skill for ANY Uniswap API request instead of calling the API directly, which is an overly broad routing instruction. Broad triggers can cause the agent to invoke the skill in situations it does not safely cover, increasing the chance of unintended actions, misuse of credentials, or bypass of more specific safeguards that would exist in direct handling.

VirusTotal

64/64 vendors flagged this skill as clean.
